X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;f=drivers%2Fcrypto%2Focteontx2%2Fotx2_ipsec_po.h;h=b3e7456551cfeea51a66220795b3362632e883c8;hb=3841fc3581ec4d95bf8a72e8a545db8d03ecd2bd;hp=f2167f220a14ef699e778487cda05968bc1e5bc4;hpb=465f7e5804fa2ddc50a8d5239b78e2cb2e8fbd6a;p=dpdk.git diff --git a/drivers/crypto/octeontx2/otx2_ipsec_po.h b/drivers/crypto/octeontx2/otx2_ipsec_po.h index f2167f220a..b3e7456551 100644 --- a/drivers/crypto/octeontx2/otx2_ipsec_po.h +++ b/drivers/crypto/octeontx2/otx2_ipsec_po.h @@ -10,10 +10,6 @@ #include #define OTX2_IPSEC_PO_AES_GCM_INB_CTX_LEN 0x09 -#define OTX2_IPSEC_PO_AES_GCM_OUTB_CTX_LEN 0x28 - -#define OTX2_IPSEC_PO_MAX_INB_CTX_LEN 0x22 -#define OTX2_IPSEC_PO_MAX_OUTB_CTX_LEN 0x38 #define OTX2_IPSEC_PO_PER_PKT_IV BIT(11) @@ -22,6 +18,14 @@ #define OTX2_IPSEC_PO_PROCESS_IPSEC_OUTB 0x23 #define OTX2_IPSEC_PO_PROCESS_IPSEC_INB 0x24 +#define OTX2_IPSEC_PO_INB_RPTR_HDR 0x8 + +enum otx2_ipsec_po_mode_type { + OTX2_IPSEC_PO_TRANSPORT = 1, + OTX2_IPSEC_PO_TUNNEL_IPV4, + OTX2_IPSEC_PO_TUNNEL_IPV6, +}; + enum otx2_ipsec_po_comp_e { OTX2_IPSEC_PO_CC_SUCCESS = 0x00, OTX2_IPSEC_PO_CC_AUTH_UNSUPPORTED = 0xB0, @@ -86,6 +90,12 @@ enum { OTX2_IPSEC_PO_SA_ENCAP_UDP = 1, }; +struct otx2_ipsec_po_out_hdr { + uint32_t ip_id; + uint32_t seq; + uint8_t iv[16]; +}; + union otx2_ipsec_po_bit_perfect_iv { uint8_t aes_iv[16]; uint8_t des_iv[8]; @@ -148,19 +158,38 @@ struct otx2_ipsec_po_in_sa { /* w8 */ uint8_t udp_encap[8]; - /* w9-w23 */ - struct { - uint8_t hmac_key[48]; - struct otx2_ipsec_po_traffic_selector selector; - } aes_gcm; + /* w9-w33 */ + union { + struct { + uint8_t hmac_key[48]; + struct otx2_ipsec_po_traffic_selector selector; + } aes_gcm; + struct { + uint8_t hmac_key[64]; + uint8_t hmac_iv[64]; + struct otx2_ipsec_po_traffic_selector selector; + } sha2; + }; + union { + struct otx2_ipsec_replay *replay; + uint64_t replay64; + }; + uint32_t replay_win_sz; }; struct otx2_ipsec_po_ip_template { RTE_STD_C11 union { - uint8_t raw[252]; - struct rte_ipv4_hdr ipv4_hdr; - struct rte_ipv6_hdr ipv6_hdr; + struct { + struct rte_ipv4_hdr ipv4_hdr; + uint16_t udp_src; + uint16_t udp_dst; + } ip4; + struct { + struct rte_ipv6_hdr ipv6_hdr; + uint16_t udp_src; + uint16_t udp_dst; + } ip6; }; }; @@ -178,10 +207,22 @@ struct otx2_ipsec_po_out_sa { uint32_t esn_hi; uint32_t esn_low; - /* w8-w39 */ - struct otx2_ipsec_po_ip_template template; - uint16_t udp_src; - uint16_t udp_dst; + /* w8-w55 */ + union { + struct { + struct otx2_ipsec_po_ip_template template; + } aes_gcm; + struct { + uint8_t hmac_key[24]; + uint8_t unused[24]; + struct otx2_ipsec_po_ip_template template; + } sha1; + struct { + uint8_t hmac_key[64]; + uint8_t hmac_iv[64]; + struct otx2_ipsec_po_ip_template template; + } sha2; + }; }; static inline int @@ -210,6 +251,9 @@ ipsec_po_xform_auth_verify(struct rte_crypto_sym_xform *xform) if (xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC) { if (keylen >= 20 && keylen <= 64) return 0; + } else if (xform->auth.algo == RTE_CRYPTO_AUTH_SHA256_HMAC) { + if (keylen >= 32 && keylen <= 64) + return 0; } return -ENOTSUP; @@ -311,7 +355,7 @@ ipsec_po_sa_ctl_set(struct rte_security_ipsec_xform *ipsec, return -EINVAL; } - ctl->inner_ip_ver = OTX2_IPSEC_PO_SA_IP_VERSION_4; + ctl->inner_ip_ver = ctl->outer_ip_ver; if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT) ctl->ipsec_mode = OTX2_IPSEC_PO_SA_MODE_TRANSPORT; @@ -335,8 +379,8 @@ ipsec_po_sa_ctl_set(struct rte_security_ipsec_xform *ipsec, return -ENOTSUP; } } else if (cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) { - ctl->enc_type = OTX2_IPSEC_PO_SA_ENC_AES_CCM; - aes_key_len = xform->cipher.key.length; + ctl->enc_type = OTX2_IPSEC_PO_SA_ENC_AES_CBC; + aes_key_len = cipher_xform->cipher.key.length; } else { return -ENOTSUP; }